I am trying to transition to an HTTP-01 issued star domain certificate from a DNS-01 certificate for our company's website. We are using acme-tiny.
My Domain is:
scalgo.com
I run:
openssl req -new -sha256 -key privkey.pem -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:scalgo.com") ) > domain.csr
acme-tiny --account-key ./account.key --csr ./domain.csr --acme-dir /web/challenges/ > ./signed_chain.crt
acme-tiny starts a certification and gets a challenge that we should serve at
http://scalgo.com/.well-known/acme-challenge/dLsrhLXw2soZBSKIwVxkBsjKxup9bcSCD0jCmse0afQ
using our nginx server. (Which we do, as you can validate).
It then gets stuck on verifying; acme-tiny requests the URL
https://acme-v01.api.letsencrypt.org/acme/challenge/xxxxxxxxxxxxxxxxxxxxy3lx0XIDTSqdlxxxxxxxxxx/xxxxxxxxxx2
where it gets the response.
{"type": "http-01", "status": "pending", "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/xxxxxxxxxxxxxxxxxxxxy3lx0XIDTSqdlxxxxxxxxxx/xxxxxxxxxx2", "token": "dLsrhLXw2soZBSKIwVxkBsjKxup9bcSCD0jCmse0afQ"}
It then retries over and over again, but the status keeps on being pending, for at least 8 hours.
We also have a number of other domains we also want in the certificate, for instance www.scalgo.com and beta.scalgo.com. If I put only those in the request without scalgo.com, acme-tiny produces a certificate almost immediately. If I also include scalgo.com it hangs on scalgo.com indefinitely.
Am I doing something wrong? Is there some special procedure one should go through to switch from a DNS-01 cert to a HTTP-01 cert?
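
Added example, not part of the original post and not acme-tiny's own code: a per-domain pre-flight check of the challenge URL plus a status poll that gives up with the last server reply instead of retrying for hours. The function names, the `example` domains and the token values are hypothetical; the expected body (the key authorization, token + "." + account key thumbprint) is assumed to be known to the caller.

```python
import time
import urllib.request

WELL_KNOWN = "http://{domain}/.well-known/acme-challenge/{token}"

def http_fetch(url, timeout=10):
    """Plain HTTP GET of the challenge URL (urllib follows redirects)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")

def preflight(challenges, fetch=http_fetch):
    """challenges: {domain: (token, key_authorization)}.
    Returns {domain: problem} for every name not serving the expected body."""
    problems = {}
    for domain, (token, keyauth) in challenges.items():
        url = WELL_KNOWN.format(domain=domain, token=token)
        try:
            body = fetch(url)
        except OSError as exc:  # DNS failure, refused connection, HTTP error
            problems[domain] = "fetch failed: %s" % exc
            continue
        if body.strip() != keyauth:
            problems[domain] = "body does not match key authorization"
    return problems

def wait_for_challenge(get_status, max_wait=120.0, interval=2.0,
                       sleep=time.sleep, clock=time.monotonic):
    """Poll until the status leaves 'pending'; raise instead of looping forever."""
    deadline = clock() + max_wait
    while True:
        reply = get_status()
        if reply.get("status") != "pending":
            return reply
        if clock() >= deadline:
            raise TimeoutError("still pending after %.0fs: %r" % (max_wait, reply))
        sleep(interval)

if __name__ == "__main__":
    # Constructed sample: one name serves the right body, the other a stale file.
    served = {WELL_KNOWN.format(domain="www.example", token="tokA"): "tokA.thumb\n",
              WELL_KNOWN.format(domain="apex.example", token="tokB"): "old-file"}
    names = {"www.example": ("tokA", "tokA.thumb"),
             "apex.example": ("tokB", "tokB.thumb")}
    print(preflight(names, fetch=served.__getitem__))
    try:
        wait_for_challenge(lambda: {"status": "pending"}, max_wait=0.2, interval=0.1)
    except TimeoutError as exc:
        print("gave up:", exc)
```

Running the pre-flight for each name in the CSR separately shows which one behaves differently before any order is submitted.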